QwikSec

Security Database

CVE

CWE

Training

CVE-2008-1673

Published: Jun 10, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

SUSE-SA:2008:047

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0189

x_refsource_CONFIRM

SUSE-SA:2008:038

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_BID

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ddb2c43594f22843e9f3153da151deaba1a834c5

x_refsource_CONFIRM

SUSE-SA:2008:035

vendor-advisory

x_refsource_SUSE

SUSE-SA:2008:052

vendor-advisory

x_refsource_SUSE

FEDORA-2008-5308

vendor-advisory

x_refsource_FEDORA

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

20080611 rPSA-2008-0189-1 kernel xen

mailing-list

x_refsource_BUGTRAQ

linux-kernel-ber-decoder-bo(42921)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

SUSE-SA:2008:048

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_MANDRIVA

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_UBUNTU

https://bugzilla.redhat.com/show_bug.cgi?id=443962

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

SUSE-SA:2008:049

vendor-advisory

x_refsource_SUSE

SUSE-SR:2008:025

vendor-advisory

x_refsource_SUSE

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c

x_refsource_CONFIRM

http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.6

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.